Atomic macOS Stealer includes a backdoor for persistent access

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Atomic macOS Stealer (AMOS) has received a major update, now including an embedded backdoor for persistent access to compromised Mac devices. This upgrade allows attackers to maintain access, run remote tasks, and gain extended control over infected machines. The Russia-affiliated AMOS threat group has expanded its capabilities beyond data exfiltration, now enabling full system compromise. The malware's distribution vectors include websites offering cracked software and spear phishing campaigns targeting high-value individuals. The infection process involves a trojanized DMG file, bash scripts, and AppleScript for execution and persistence. The backdoor communicates with command-and-control servers, fetching and executing tasks on compromised systems. This evolution represents a significant escalation in both capability and intent, posing a higher risk to macOS users worldwide.
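The summary describes the infection chain as a trojanized DMG whose installer runs bash scripts, which in turn invoke AppleScript for execution and persistence. A defender can hunt for that chain in process-creation telemetry by walking parent/child lineage. The script below is an added example, not part of the OpenCTI report or of any vendor tooling; it assumes a simple text event format (timestamp, pid, ppid, user, exe, cmd) that is not described on the page, and the sample events are constructed for illustration. It flags any `osascript` process whose ancestry contains both a shell and a binary executed from a `/Volumes/` mount (where macOS attaches DMG images).

```python
"""Heuristic lineage detection for the DMG -> bash -> osascript chain.

Assumption (not from the report): process-creation telemetry is available as
one event per line in the form
    <timestamp> pid=<n> ppid=<n> user=<name> exe=<path> cmd=<command line>
The events below are constructed sample data, not a real capture.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample telemetry. pids 612-615 model the chain from the summary;
# pids 700-701 are benign noise that must not be flagged.
SAMPLE_EVENTS = """\
2024-01-01T10:00:01Z pid=500 ppid=1 user=alice exe=/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder cmd=Finder
2024-01-01T10:00:05Z pid=612 ppid=500 user=alice exe=/Volumes/Installer/Install.app/Contents/MacOS/Install cmd=/Volumes/Installer/Install.app/Contents/MacOS/Install
2024-01-01T10:00:06Z pid=613 ppid=612 user=alice exe=/bin/bash cmd=/bin/bash /Volumes/Installer/.setup.sh
2024-01-01T10:00:07Z pid=614 ppid=613 user=alice exe=/usr/bin/osascript cmd=osascript -e "display dialog ..."
2024-01-01T10:00:09Z pid=615 ppid=613 user=alice exe=/usr/bin/osascript cmd=osascript /tmp/.agent.scpt
2024-01-01T10:05:00Z pid=700 ppid=1 user=alice exe=/Applications/Safari.app/Contents/MacOS/Safari cmd=Safari
2024-01-01T10:05:10Z pid=701 ppid=700 user=alice exe=/bin/bash cmd=/bin/bash -c "ls"
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) user=(?P<user>\S+) "
    r"exe=(?P<exe>\S+) cmd=(?P<cmd>.*)$"
)

SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh"}   # interpreters for the bash-script stage
APPLESCRIPT_RUNNER = "/usr/bin/osascript"        # AppleScript execution stage
DMG_MOUNT_PREFIX = "/Volumes/"                   # where macOS mounts DMG images


@dataclass
class ProcEvent:
    ts: str
    pid: int
    ppid: int
    user: str
    exe: str
    cmd: str


def parse_events(text: str) -> Dict[int, ProcEvent]:
    """Parse event lines into a pid -> event map; malformed lines are skipped."""
    procs: Dict[int, ProcEvent] = {}
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = ProcEvent(m["ts"], int(m["pid"]), int(m["ppid"]),
                       m["user"], m["exe"], m["cmd"])
        procs[ev.pid] = ev
    return procs


def lineage(procs: Dict[int, ProcEvent], pid: int, max_depth: int = 16) -> List[ProcEvent]:
    """Return the process and its ancestors, nearest first; guards against pid cycles."""
    chain: List[ProcEvent] = []
    seen = set()
    cur = procs.get(pid)
    while cur is not None and cur.pid not in seen and len(chain) < max_depth:
        chain.append(cur)
        seen.add(cur.pid)
        cur = procs.get(cur.ppid)
    return chain


def find_dmg_shell_osascript(procs: Dict[int, ProcEvent]) -> List[dict]:
    """Flag osascript processes whose ancestry has both a shell and a DMG-mounted binary."""
    findings = []
    for ev in procs.values():
        if ev.exe != APPLESCRIPT_RUNNER:
            continue
        ancestors = lineage(procs, ev.pid)[1:]
        shell_hit = any(a.exe in SHELLS for a in ancestors)
        dmg_hit = any(a.exe.startswith(DMG_MOUNT_PREFIX) for a in ancestors)
        if shell_hit and dmg_hit:
            findings.append({
                "pid": ev.pid,
                "user": ev.user,
                "cmd": ev.cmd,
                "chain": [a.pid for a in lineage(procs, ev.pid)],
            })
    return sorted(findings, key=lambda f: f["pid"])


if __name__ == "__main__":
    for hit in find_dmg_shell_osascript(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT pid={hit['pid']} user={hit['user']} chain={hit['chain']} cmd={hit['cmd']}")
```

The lineage walk is what keeps the rule useful: `osascript` on its own is common on a Mac, and so is a shell, but a shell launched by a binary running from a mounted disk image that then spawns AppleScript is a narrow pattern that matches the summary's chain. In production the same logic would run over EDR or unified-log process events rather than the constructed lines above, and the `/Volumes/` and interpreter lists would be tuned to the environment.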

OPENCTI LABELS:

backdoor,amos,macos,data exfiltration,spear phishing,cryptocurrency,atomic macos stealer,persistent access,russia-affiliated
